﻿namespace UltimateNavigationFramework.Authorisation
{
    public class Deny : NavigationAuthorisation, IAuthorisationRuleElement
    {
        #region IAuthorisationRuleElement Implementation
        /// <summary>
        /// Indicates whether permission is allowed
        /// </summary>
        /// <param name="principal"></param>
        /// <returns></returns>
        public bool IsAllowed(System.Security.Principal.IPrincipal principal)
        {
            return false;
        }

        /// <summary>
        /// Indicates whether it is denied
        /// </summary>
        /// <param name="principal"></param>
        /// <returns></returns>
        public bool IsDenied(System.Security.Principal.IPrincipal principal)
        {
            // Checks for user access
            if (this.Users != null && HasUser(this.Users, principal))
                return true;

            // Checks for roles access
            return principal != null
                    && principal.Identity != null
                    && principal.Identity.IsAuthenticated
                    && this.Roles != null
                    && HasAnyRole(this.Roles, principal);
        }
        #endregion   
    }
}
